Vulnerabilities > CVE-2005-4799 - Unspecified vulnerability in Yapig

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

yapig

nessus

exploit available

NVD

Published: 2005-12-31

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886.

Vulnerable Configurations

Part	Description	Count
Application	Yapig Yapig Yapig 0.94U Yapig Yapig 0.93U Yapig Yapig 0.92B Yapig Yapig 0.95	4

Exploit-Db

description	YaPig 0.95 b view.php img_size Parameter XSS. CVE-2005-4799 . Webapps exploit for php platform
id	EDB-ID:26345
last seen	2016-02-03
modified	2005-10-13
published	2005-10-13
reporter	[email protected]
source	https://www.exploit-db.com/download/26345/
title	YaPig 0.95 b view.php img_size Parameter XSS

Nessus

NASL family	CGI abuses
NASL id	YAPIG_EXIF_XSS.NASL
description	The remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	19515
published	2005-08-27
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19515
title	YaPiG <= 0.9.5b Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References